How does a client password protect a directory?

I've been trying to figure this out for a while now - it seems like there must be a simple solution that I'm just missing. I even purchased the ISPConfig 3 manual but couldn't find the answer in it after doing a few searches and going through the TOC.

I have ISPConfig clients that want to create apache .htpasswd protected directories. Can they do that from the control panel? Is there another way they can password protect web and/or ftp directories? If this is in the manual please tell me what page.

I found something that said this is possible through the web-FTP, but I cannot find web-FTP in the manual.

It's not in the manual, because .htpasswd or directory access control is not a feature of ISPConfig.

If your client has FTP access to their website (i.e. your server) then they already have all they need to set up their own directory security.

This is done in two portions;

1- they add a .htaccess file into the directory in question.
2- they add a .htpasswd file into a directory which is *not* served (i.e. it resides in a separate directory at the same level as the "web" directory)

e.g.

web1/web/client-private-dir/.htaccess

web1/private/.htpassword

(Your client creates the latter directory themselves. It is not served by the web server.)

Check out here for more info on actually creating the .htaccess and .htpasswd files: